Netizen Cybersecurity Bulletin: 5 July 2018 Edition

In this issue:

In this week’s issue, you’ll find information regarding the most current critical threats and preventative measures to lessen the chances of a breach.

  • IoT in the Workplace: Are you at risk?
  • Fake OVERDUE INVOICES alert Malware disguised as billing notices
  • Two-Factor Inauthentication–The Rise in SMS Phishing Attacks
  • How can Netizen Help?

Cybersecurity Assurance TIPS

IoT in the Workplace

Are you at Risk?

As mobile and IoT devices become more and more important to the overall success of modern business, the inherent security vulnerabilities they bring to information technology infrastructures becomes more acute—and more dangerous. The enthusiastic, and somewhat reckless, embrace of BYOD mo- bile and IoT devices by so many businesses, all hoping to capitalize on em- ployee mobile productivity, may have far-reaching and costly security con- sequences for all of us.

According to Verizon’s Mobile Security Index 2018, only 14% of the re- sponding organizations said they had implemented even the most basic cy- bersecurity practices, with an astonishing 32% of these IT professionals ad- mitting that their organization sacrifices mobile security to improve busi- ness performance on a regular basis. That general lax attitude toward cy- bersecurity goes along way toward explaining why IoT attacks have spiked 600% in one year.

Businesses, regardless of size or technical sophistication, can’t afford to continue treating cybersecurity, especially with regard to IoT, as an after- thought. Besides the obvious costs of lost productivity from system down- time, there is a substantial potential for fines and penalties stemming from data loss and violation of privacy regulations. Whether you like it or not, cybersecurity must be a vital and integral part of your strategic plan.

Recommendation:

  • Ensure any IoT installed in the workplace meet with the business’ System Security Plan for ‘BYOD’ devices.

Fake URGENT PAYMENT for overdue bills

Malware delivered in phony billing notice

An email with the subject of “FW: URGENT PAYMENT FOR OVERDUE IN- VOICES” pretending to come from FINANCE <salgar@dgkw.com> with both a malicious Word DOC and an Excel XLS spreadsheet attachment delivers the Formbook malware. The only real reason to mention this is the dual attachment so trying to get 2 bites at the cherry. They are using email ad- dresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers.

Remember many email clients, especially on a mobile phone or tablet, only show the Name in the From: and not the bit in <domain.com>. That is why these scams and phishes work so well.

All the alleged senders, companies, names of employees, phone numbers, amounts, reference numbers etc. mentioned in the emails are all innocent and are just picked at random. Some of these companies will exist and some won’t. Don’t try to respond by phone or email, all you will do is end up with an innocent person or company who have had their details spoofed and picked at random from a long list that the bad guys have previously found. The bad guys choose companies, Government departments and other organizations with subjects that are designed to entice you or alarm you into blindly opening the attachment or clicking the link in the email to see what is happening.

Recommendation:

By default, protected view is enabled and macros are disabled, UNLESS you or your company have enabled them. If protected view mode is turned off and macros are enabled then opening this malicious word document will infect you, and simply previewing it in windows explorer or your email client might well be enough to infect you.

Two-Factor Inauthenticaiton

The Rise in SMS Phishing Attacks

As cyber criminals are constantly on the prowl to capture passwords and other credentials, two-factor authentication (2FA) has become one of the most widely accepted backup verifications for many services and compa- nies. Since nearly everyone has a mobile phone, the 2FA method most widely used is a code sent via SMS text message.

However, SMS is not entirely secure. Anyone with direct access to your cell phone can pretend to be you and have a code sent to your device. In fact, thieves do not need to have the device in their hands, as 2FA is also vulner- able to remote phishing. We most often think of phishing attacks as taking place over email, targeting information such as passwords, but the same tactic can very easily be applied over SMS and targeting reset codes. One particularly powerful technique is the Verification Code Forwarding Attack, or VCFA. For this approach, the criminal accesses a service provider and requests an SMS code to reset their password for a particular user. Immedi- ately afterwards, they send a fake text message to the same user, pretend- ing to be the service provider and asking for the code “as an additional veri- fication measure”.

In a research experiment conducted at New York University, it was discov- ered that the VCFA technique can be incredibly effective. 300 volunteers, who were not aware that the experiment involved SMS phishing, were sent a variety of different messages designed after real SMS from their email provider. The most successful message was able to fool 50 percent of recip- ients into giving up their authentication code, which is an impossibly high result for most forms of social engineering. By comparison, most non- targeted email-based phishing attacks have a success rate of around 1 per cent, with the very best reaching two or three percent.

Any service being breached in this way would mean severe repercussions for the victim, most obviously online payment, retail, and anything else con- nected to financial data. The holy grail for any attacker is to gain access to an email account, a tactic known Email Account Compromise (EAC).

While financial details can be exploited as a one-off opportunity before the bank takes action, an email account can be used in to cause much more damage.

While SMS remains so widespread and more attackers pick up on SMS phishing attacks, it is more important than ever for organizations to be aware that their workforce’s digital identities may be compromised.

Recommendation

  • Adopt using a code-generating app such as Microsoft Authenticator on your mobile device

How can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing ad- vanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of exec- utive-level cybersecurity professionals without having to bear the cost of employing them full time. We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compli- ance information for audiences ranging from IT professionals to executive managers.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s